Vulnerabilities > Iteris

DATE	CVE	VULNERABILITY TITLE	RISK
2020-02-17	CVE-2020-9025	Cross-site Scripting vulnerability in Iteris Vantage Velocity Firmware 2.4.2 Iteris Vantage Velocity Field Unit 2.4.2 devices have multiple stored XSS issues in all parameters of the Start Data Viewer feature of the /cgi-bin/loaddata.py script. network iteris CWE-79	4.3
2020-02-17	CVE-2020-9024	Improper Privilege Management vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2 Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have world-writable permissions for the /root/cleardata.pl (executed as root by crond) and /root/loadperl.sh (executed as root at boot time) scripts. network low complexity iteris CWE-269 critical	10.0
2020-02-17	CVE-2020-9023	Insufficiently Protected Credentials vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2 Iteris Vantage Velocity Field Unit 2.3.1 and 2.4.2 devices have two users that are not documented and are configured with weak passwords (User bluetooth, password bluetooth; User eclipse, password eclipse). network low complexity iteris CWE-522	7.5
2020-02-17	CVE-2020-9020	OS Command Injection vulnerability in Iteris Vantage Velocity Firmware 2.3.1/2.4.2/3.0 Iteris Vantage Velocity Field Unit 2.3.1, 2.4.2, and 3.0 devices allow the injection of OS commands into cgi-bin/timeconfig.py via shell metacharacters in the NTP Server field. network low complexity iteris CWE-78 critical	10.0

Vulnerabilities > Iteris {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Iteris"}]}